Apple Inc. (NASDAQ:AAPL) recently responded in a statement regarding a possible malicious software bug. The latest iOS vulnerability is called Masque Attack and it involves fake apps which pretend to be real software programs such as banking or financial apps. Since the phony apps mimics the user interface of the program it pretends to be, users can easily be tricked into entering sensitive information which is then shared with an on-site command and control server.
Apple opens up about latest vulnerability
The iPhone maker offered the following response in a statement to iMore, “We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.
Apple’s response essentially echos an earlier report from Apple Insider which reported the malware is only a danger to those who disable security. Most iOS and iOS X users are protected from viruses and malware unless said user bypasses security systems, jailbreaks the iOS, disabling protections of Mac OS X Gate Keeper, or selecting “Trust” app installs from an “Untrusted App Developer”.
A problem with vulnerabilities
Last week, a new attack dubbed WireLurker, was initially discovered in China. It is based on the same vulnerability disclosed earlier this week by FireEye. At the time, Apple claimed it was aware of the problem and was fixing the problem.
This is just the second time in the past few weeks when researchers brought up concerns regarding Apple’s security. For years, Apple has boasted its strong security as a benefit over competitors.
Source: iMore